WordPress WP Recipe Maker Plugin <= 9.1.0 is vulnerable to Cross Site Scripting (XSS)

Software WP Recipe Maker Type Plugin Vulnerable versions = 9.1.0 Fixed in 9.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0384 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 782b4465ae79 Credits wesley wcraft Required...

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Software Contact Form builder with drag & drop - Kali Forms Type Plugin Vulnerable versions = 2.3.36 Fixed in 2.3.37 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-22305 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership...

WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Albo Pretorio Online Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22302 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 74619e1b53fd Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress WooCommerce Subscriptions Plugin < 5.8.0 is vulnerable to Broken Access Control

Software WooCommerce Subscriptions Type Plugin Vulnerable versions 5.8.0 Fixed in 5.8.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-50850 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18ef9f3672af Credits Rafie Muhammad...

WordPress 12 Step Meeting List Plugin <= 3.14.28 is vulnerable to Broken Access Control

Software 12 Step Meeting List Type Plugin Vulnerable versions = 3.14.28 Fixed in 3.14.29 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-22296 Patch priority Low CVSS severity Low 4.3 Developer Code for Recovery PSID f23582f9bd35 Credits emad Required...

WordPress Slider by Supsystic Plugin <= 1.8.6 is vulnerable to Broken Access Control

Software Slider by Supsystic Type Plugin Vulnerable versions = 1.8.6 Fixed in 1.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-47330 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 5be1957d9f7e Credits Abdi Pranata Requir...

WordPress Import and export users and customers Plugin <= 1.24.6 is vulnerable to Broken Access Control

Software Import and export users and customers Type Plugin Vulnerable versions = 1.24.6 Fixed in 1.24.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-22151 Patch priority Low CVSS severity Low 5.3 Developer Codection PSID 127865efe8c3 Credits emad Requir...

WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload

Software Product Import Export for WooCommerce Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-22152 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 7b62ca7055ba Credits Dateoljo of BoB...

WordPress Shield Security Plugin <= 18.5.7 is vulnerable to Cross Site Scripting (XSS)

Software Shield Security Type Plugin Vulnerable versions = 18.5.7 Fixed in 18.5.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22163 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d5c42fda3a58 Credits Yudistira Arya Required...

JVN#51135247: Pleasanter vulnerable to cross-site scripting

Pleasanter provided by Implem Inc. contains a cross-site scripting vulnerability CWE-79. Impact If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. Solution Update t...

Ecwid Ecommerce Shopping Cart < 6.12.4 - Missing Authorization on multiple functions

Description The plugin is vulnerable to unauthorized access of data and modification of data due to missing capability checks on multiple functions in all versions up to, and including, 6.12.3. This makes it possible for authenticated attackers to access developer tool pages...

WordPress WP Register Profile With Shortcode Plugin <= 3.5.9 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Register Profile With Shortcode Type Plugin Vulnerable versions = 3.5.9 Fixed in 3.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5448 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 4d4b8ee6f41a Credits...

WordPress Shortcodes Finder Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software Shortcodes Finder Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-21750 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0900912a134b Credits Le Ngoc Anh Required privilege...

WordPress Profile Builder Pro Plugin <= 3.10.0 is vulnerable to Sensitive Data Exposure

Software Profile Builder Pro Type Plugin Vulnerable versions = 3.10.0 Fixed in 3.10.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-22141 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d6301bb29b09 Credits Dave Jong...

WordPress Export customers list csv for WooCommerce Plugin <= 2.0.7 is vulnerable to Broken Access Control

Software Export customers list csv for WooCommerce Type Plugin Vulnerable versions = 2.0.7 Fixed in 2.0.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e6d6b8682f99 Credits WordFence...

WordPress WordPress Manutenção Plugin <= 1.0.6 is vulnerable to Bypass Vulnerability

Software WordPress Manutenção Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A4: Insecure Design Classification Bypass Vulnerability CVE CVE-2024-22139 Patch priority Low CVSS severity Low 3.7 Developer Claim ownership PSID d419565972b3 Credits Brandon Roldan Required privile...

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b43943b2a15f Credits Francesco Carlucci Required...

WordPress Email Encoder Bundle Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7070 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbe9fb4a4a45 Credits Webbernaut Require...

WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.9 Fixed in 5.38.10 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6979 Patch priority Medium CVSS severity Medium 9.8 Developer Claim ownership PSID f2b42bb42f3b Credits Artem Guzhva...

KLA62822 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in NET, .NET...